res_pjsip/config_transport: Prevent async_operations > 1 when protocol = tls

See ASTERISK-25615.
If the transport protocol is tls and async_operations > 1, pjproject
will segfault if more than one operation is attempted on the same socket.
Until this is fixed upstream, a check has been added to throw an error
if a tls transport config has async_operations set to > 1.

ASTERISK-25615

Change-Id: I76b9a5b2a5a0054fe71ca5851e635f2dca7685a6
Reported-by: George Joseph
Tested-by: George Joseph

diff --git a/res/res_pjsip/config_transport.c b/res/res_pjsip/config_transport.c
index e9986612c6a61438f3b213d345c242e0ff8979d0..e2f0c7f4347cfac0db759005bf25017569904774 100644 (file)
--- a/res/res_pjsip/config_transport.c
+++ b/res/res_pjsip/config_transport.c
@@ -216,6 +216,14 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj)
 
                res = pjsip_tcp_transport_start3(ast_sip_get_pjsip_endpoint(), &cfg, &transport->state->factory);
        } else if (transport->type == AST_TRANSPORT_TLS) {
+               /* The following check is a work-around for ASTERISK-25615.
+                * When that issue is resolved in upstream pjproject, this check can be removed.
+                */
+               if (transport->async_operations > 1) {
+                       ast_log(LOG_ERROR, "Transport: %s: When protocol=tls, async_operations can't be > 1 (ASTERISK-25615)\n",
+                                       ast_sorcery_object_get_id(obj));
+                       return -1;
+               }
                transport->tls.ca_list_file = pj_str((char*)transport->ca_list_file);
 #ifdef HAVE_PJ_SSL_CERT_LOAD_FROM_FILES2
                transport->tls.ca_list_path = pj_str((char*)transport->ca_list_path);